Malware Escapes from Faraday Cages and Air-Gapped Computers

Faraday rooms or “cages” designed to prevent electromagnetic signals from escaping can nevertheless be compromised and leak highly sensitive data, according to new studies by BGU’s Cyber@BGU.

Research led by Dr. Mordechai Guri (pictured right), the head of research and development of Cyber@BGU showed for the first time that a Faraday room and an air-gapped computer that is disconnected from the internet will not deter sophisticated cyber attackers.

Air-gapped computers used for an organization’s most highly sensitive data might also be secluded in a hermetically-sealed Faraday room or enclosure, which prevents electromagnetic signals from leaking out and being picked up remotely by eavesdropping adversaries.

In two newly-released reports, the team demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from the most highly secured computers. The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU), to circumvent even the most securely- equipped room.

​​​

​“While Faraday rooms may successfully block electromagnetic signals which emanate from computers, low-frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explains Dr. Guri. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems and other devices.”

In another documented cyberattack, researchers utilized malware keystrokes and passwords on an air-gapped computer to transfer data to a nearby smartphone via its magnetic sensor. Attackers can intercept this leaked data even when a smartphone is sealed in a Faraday bag or set on “airplane mode” to prevent incoming and outgoing communications. Click here to watch the demonstration.